CVE-2021-39041: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.3, 7.4, and 7.5 were identified to contain a vulnerability (CVE-2021-39041) that could lead to a partial denial of service attack. The vulnerability affects the Common and TCPMultilineSyslog protocol components, potentially resulting in some protocols not listening to specified ports. This security issue was disclosed and addressed by IBM in June 2022 (IBM Advisory).

The vulnerability received a CVSS Base Score of 3.7 (LOW) with the following vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. This indicates that the vulnerability is network accessible but requires high attack complexity, needs no privileges or user interaction, has no impact on confidentiality or integrity, but can have a low impact on availability (IBM Advisory).

The vulnerability could result in a partial denial of service condition where certain protocols would stop listening on their specified ports, potentially disrupting normal system operations and service availability (IBM Advisory).

IBM released fixes for affected versions through protocol updates: PROTOCOL-Common-7.3-20220608132603 and PROTOCOL-TCPMultilineSyslog-7.3-20220531145432 for version 7.3, PROTOCOL-Common-7.4-20220608234024 and PROTOCOL-TCPMultilineSyslog-7.4-20220531145346 for version 7.4, and PROTOCOL-Common-7.5-20220608234038 and PROTOCOL-TCPMultilineSyslog-7.5-20220531145302 for version 7.5. These updates were included in the June 29, 2022 auto update bundle. No workarounds were provided as alternatives to patching (IBM Advisory).